More hash woes

Posted by Virus Bulletin on Aug 29, 2005

For the second year running, research presented at the annual Crypto conference raised concerns over the security of commonly-used hash functions.

For the second year running, research presented at the annual Crypto conference has raised concern over the security of commonly-used hash functions. The encryption field was thrown into a frenzy in August 2004 when the security of hash functions MD5, SHA-0 and SHA-1 was called into question (see VB, September 2004, p.3 and October 2004, p.13). Last month, researchers revealed that they have discovered a new, faster attack against the SHA-1 hashing algorithm.

Xiaoyun Wang, a member of the team of Chinese researchers that outlined methods of finding collisions in the MD4, MD5, HAVAL-128 and RIPEMD algorithms at last year’s Crypto conference, has announced that her team has achieved a new attack against SHA-1 with a time complexity of 2^63 (the team’s previous result was 2^69; brute force is 2^80). This result is also expected to be improved upon over the next couple of months. Wang’s paper can be found at http://www.infosec.sdu.edu.cn/paper/sha1-crypto-auth-new-2-yao.pdf.

In reaction to the findings, the National Institute of Standards and Technology (NIST) plans to host a two-day Cryptographic Hash Workshop on 31 October and 1 November 2005 to solicit public input on how best to respond to the current state of research in this area.
